If you're at a publicly traded company, you might have your accounting firm check into the implications of storing this kind of financial data with respect to Sarbanes-Oxley (SOX). Just a thought...also could be a useful way to get more time for analyzing the situation :)
William

On Tue, 15 Mar 2005, Ron Joffe wrote:

> On Tuesday 15 March 2005 13:01, Brian Henning wrote:
> > Hi Guys,
> > It's becoming inevitable that my employer is going to ask me to add
> > the ability to store credit card numbers to a point-of-sale application
> > I've been developing. I've been steadfastly refusing to do so thus far
> > because I don't want the security responsibility for the data... But
> > it's become clear that we really do need to be able to retrieve the data
> > to do things like process RMA credits and whatnot.
> >
> > So my question is... What encryption scheme should I be studying? I
> > really don't know a lot about encryption.. Here are the requirements I
> > have for whatever method you folks suggest.
> >
> > - Easily integrated into the application as it is. Something that could
> >   live in a MySQL field or two would be optimal.
> > - Reversible, obviously.
> > - Reasonably secure against decryption by Bad Guys.
> > - Reasonably easy to work with in Java.
> >
> > The MySQL server doesn't answer requests outside the local net, but I
> > have to assume that there's a chance someone could get in and see the
> > raw table data..
> >
> > So. Suggestions?
> >
> > Thanks!
> > ~Brian
>
> I just read this article. It's Oracle-specific, but the ideas should be
> applicable.
>
> http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
>
> Ron
